The Authorizer.getAlias() method should return a unique identifier. The Web Services Security runtime invokes the Authorizer.authorize() method to authorize the clients. In the process, com.ibm.pvcws.wss.auth.AuthorizationContext passes the username and user role information used for client authentication. The AuthorizationContext class has two methods:

public class AuthorizationContext extends Context {

public String getUsername();

public java.util.List getRole();

}

The AuthorizationContext.getUsername() method returns the client’s username. The AuthorizationContext.getRole() method returns the user role information. While you can authorize the clients with just these two pieces of information, you need some additional steps described below in order to get user role information.

After you develop your custom authorizer, you must also update the Activator file in your Web Services provider project to expose the authorizer as an OSGi service. Please add the following code (below, in bold) into the Activator file. When you register your custom authorizer as an OSGi service in the start() method, you must instantiate your custom authorizer.